uncleflo

Some cool dude. Higher order of decision making. Absolute.

Registered since September 28th, 2017

Has a total of 4281 bookmarks.


Tag selected: whitelist.

Showing 1 results.

A Silent Threat - PHP in EXIF

https://websec.io/2012/09/05/A-Silent-Threat-PHP-in-EXIF.html

Saved by uncleflo on February 24th, 2017.

Anyone who has done anything with file uploads knows that there's a lot to take into consideration when you're allowing your users to upload their own files to the server. We've already covered some of the things you can do to help prevent some of the most common problems (bad MIME types, whitelisting file types, etc.) but there's another one to consider that wasn't mentioned before. This "silent threat" comes in the form of PHP code embedded into the EXIF data on an image - jpg, gif, whatever. Since PHP only really has detection for things like MIME type, checking into the headers of uploaded images is difficult. Thankfully, there's a simple way to protect you and your application - don't use include (or the like) to load images into your site.

threat security php exif web development howto lamp administration problem whitelist consider consideration guide guidelines file server website

